International Space Station (ISS) software security has been brought into question after on board systems were infected by a computer virus earlier this month. This is possibly the first time that a computer in space has played host to a malicious piece of software code, intended to seek out installed online gaming software and then transmit sensitive information it to an attacker. Although the virus in question, known as the W32.Gammima.AG worm, is pretty harmless (after all, I don’t think the astronauts on board play many online games), the infection comes as a surprise. Why hasn’t the ISS got sufficient anti-virus software installed? How did this security breech pass unnoticed until now? The space station may have narrowly dodged the bullet on this one, as if the worm was a little more virulent, there aren’t many network managers between here and low Earth orbit to find a quick solution to the problem…
When writing Has the First Extraterrestrial (Computer) Virus Been Discovered on the Space Station?, I couldn’t help but be impressed with how easy it is to contract a computer virus. I’ve battled with many viruses, worms and trojans in my time (with varying degrees of success; cured, part-cured, mostly-infected and buy-new-laptop), but I can honestly say that 99% of the time, my computer was infected by me being stupid. Yes, I’ve clicked on “that” attachment in an email from someone I didn’t know. Yes, I’ve installed “free” programs that ended up costing me a new computer. And yes, I’ve been hacked after not updating my firewall. All were stupid mistakes (usually spawned from laziness), occasionally resulting in the loss of everything on my hard drive. I like to think I’ve learned my lesson and I try to keep my anti-virus program and operating system updated, and I backup all my files as often as I can.
So, today I read the daily reports from the ISS after following up an article that the station had been infected by a worm and it sounds more like an epic battle I had with my first “serious” virus (the Nimda worm – turned my purring desktop into a rusty lawnmower engine) in 2002 than space exploration.
So I read about the fun ISS cosmonaut Sergey Volkov is having on the station trying to track down the errant Gammima worm, fighting the good fight:
- Aug. 14th: Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application.
- Aug. 21st: Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application.
- Aug. 22nd: CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.]
There is some wonderful verbiage used in the NASA reports, but I especially like, “All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.” It really does sound as if they’ve never had to use an anti-virus application before. Did mission control really send a guy to a computer store with the sole instructions: “get any anti-virus application”? Did he grab the first piece of software he could find, run back to NASA HQ panting, “…here it is! The bloke at the shop said it’s just what we need!”? Possibly. I’m not sure uploading Norton is the best of ideas, but I’m hoping this piece of unwieldy software will kill the worm and provide future protection for the station (as long as the ISS keeps its Norton subscription so they can keep their definition files updated for increased protection…)
Putting Norton to one side for now, how did the ISS become infected in the first place? There does appear to be a hint that it didn’t come from NASA. According to SpaceRef, NASA briefly says, “Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.” Does this suggest the worm may have been transferred by one of the other ISS partners? NASA also points the finger of blame at a personal flash drive that had been used on the space station’s hardware, spreading the Gammima worm throughout the station. Although it is harmless, it does expose a potentially crippling flaw with the stations vulnerability to virus attack.